It has been reported that Xenotime, the threat actor behind the 2017 Trisis/Triton malware attack, is now targeting — in addition to oil and gas organizations — electric utilities in the United States and the Asia-Pacific (APAC) region. Xenotime initially appeared to target only the oil and gas sector in the Middle East, but Dragos reported in May 2018 that the group had started attacking organisations worldwide, including in the United States, and safety instrumented systems other than Triconex. In a blog post published on Friday, Dragos revealed that the group had been spotted targeting electric utilities in the United States and the APAC region using tactics similar to those used against the oil and gas sector. Fortunately, the industrial cybersecurity firm said none of the attacks appeared to have resulted in a successful intrusion into any targeted organisation.
Andrea Carcano, CPO and Co-Founder at Nozomi Networks:
“TRITON demonstrated the ingenuity of hackers and escalated the threat of virtual intrusions to a critical level. The fact that the same threat actors are now scanning the US electric grid is a troubling development. It shows their interest and could be a first step towards something more dangerous.
It is imperative to put plans in place that will prevent malicious attacks. Luckily, we are seeing the establishment of a larger cyber security community that is sharing its expertise and knowledge with a common goal to identify, raise awareness of, and provide solutions to cybersecurity challenges. A recent survey on the state of OT/ICS cyber security by the SANS Institute, sponsored by Nozomi Networks, revealed that the security posture of organisations using industrial control systems is maturing, and organisations are adopting the necessary security strategies to address OT/IT convergence. The innovation and implementation of advanced cybersecurity technologies, such as machine learning and artificial intelligence, are an important step toward safe and reliable critical infrastructure.”